Friday, November 22, 2024

BreachLock Named Notable Vendor in 7th Gartner® Guidance Framework for Building an Application Security Program


BreachLock, a global leader in attack surface discovery and penetration testing, has been named a notable vendor in Gartner’s latest 2024 Guidance Framework for Building an Application Security Program.

“BreachLock is proud to be included as a notable vendor for application security alongside such security providers as Bishop Fox and Cobalt,” commented BreachLock Founder & CEO, Seemant Sehgal. “As a global leader in penetration testing, our experts understand how applications and API-related data breaches can greatly affect business operations. That is why it is so important to address the increased risk early with customers to help them establish the most appropriate and robust application security program across their software development life cycle (SDLC).”

In the past two years, 60% of enterprises have experienced a data breach caused by weak API security [1]. Gartner survey data shows that 41% of organizations deprioritize security tasks in favor of delivery speed, which is not uncommon when teams try to satisfy only business requirements without considering security [2]. To help SRM leaders build support for an application security program, Gartner recommends providing stakeholders with key data and examples of API-related breaches, coupled with internal risk assessments such as [3]:

  • Classification of data and applications based on criticality
  • Results from application security testing (AST), including SAST, DAST and software composition analysis (SCA) scans
  • Data intelligence and output from threat models
  • Application complexity based on code and test coverage, since untested or poorly understood code is fundamentally unpredictable and can lead to vulnerabilities

At BreachLock, we agree that application security begins with ensuring our customers understand the extent of their application environment. This involves cataloging the application assets and initially focusing on a select few applications. These assets may include web and application servers, containers, legacy software, and the APIs that provide underlying services, among others. The inventory covers all data stored and transmitted by the application, along with its metadata. By conducting this inventory, an enterprise can develop a risk profile for each application.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlights a “secure by design” approach as the most effective way to secure applications and reduce the number of vulnerabilities that find their way into production [4]. This holistic methodology involves integrating pervasive application security measures throughout the SDLC.

The report also states that risk assessments should be as automated as possible. “At BreachLock, we find that automated application security solutions not only establish a baseline, but our built-in standardization offers consistent metrics that can be analyzed and used to foster stakeholder understanding of how application security can impact business outcomes and overall cyber resiliency,” added Sehgal.

Most enterprises have incorporated SDLC processes, but most lack automation and standardization. This is often the result of a mix of challenges such as a complex supply chain or a recent merger or acquisition. At BreachLock, we are often asked by our customers how much of their application security testing should be automated. The answer differs and depends on multiple factors, including security and business requirements, SLAs, the applications, APIs, and the security stack itself. Is the technology mostly legacy systems, or is it mixed with a more modern software development environment? According to Gartner, application security testing is the most commonly automated security activity. Forty-five percent of organizations report having automation fully or mostly in place for application security [2].

In the end, application security and API-related security automation must start with an inventory of assets and the prioritization of all critical and high vulnerabilities, along with evidence of vulnerability remediation integrated into a security dashboard. The BreachLock AI-driven platform provides user-friendly dashboards with evidence via proofs of concept (POCs) available directly within the platform. A POC accompanies every vulnerability to give context around the potential threat, such as the severity and exposure of the associated asset and related assets, the ease of exploitation of that application or API, and its potential attractiveness to an attacker.

Following the secure-by-design approach to application security is a process that should be maintained long-term across the SDLC, starting with ideation and design and continuing through development, deployment, and maintenance. This type of upfront investment not only yields cost savings and efficiencies by fixing vulnerabilities early in the development lifecycle, but can also put enterprises on the road to inherent long-term resilience against emerging threats.

SOURCE: PRNewswire
